Aller au contenu Aller au menu principal Aller au menu secondaire Aller au pied de page

Training: Securing your DNS infrastructure with DNSSEC

Home > Products and services > Training > Training: Securing your DNS infrastructure with DNSSEC

The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this key infrastructure.

Description and aims of the training course

This training course will enable you to protect your customers and your own infrastructures against any security problems that might penalise your activities. You will learn how to deploy this delicate extention that require advanced technical knowledge and a rigorous exploitation.

You will be able to:

  • Assess the benefits of DNSSEC before deploying it in your environment
  • Acquire the knowledge needed for a successful DNSSEC extension configuration
  • Operate a resolver (Unbound) to validate responses with DNSSEC
  • Build a DNSSEC infrastructure with OpenDNSSEC and manage the keys and BIND to serve the signed zones


2 days

Target audience

Registrars, DNS hosts, professionals of security and the DNS.


  • Knowledge of the basics of the DNS
  • Familiarity with the UNIX operating system and the TCP/IP network protocols
  • At least one year’s experience in the domain name administration business


Stéphane Bortzmeyer, DNS expert & R&D Engineer, Afnic

Training location

The training course is given online via our video conferencing tool.
The link to connect will be sent to you once your registration is finalized.


Practical exercises will be carried out throughout the course to help assimilate the methods and concepts presented.


€1,600 excl. tax per participant
For group enrolment, please contact us for a quotation.

DIRECTTE declaration number: 11788446878

Our experts can adapt to your needs and design a custom training course.

If you are a Registrar and a DNS host, DNSSEC adoption for the .fr zone is one of our priorities. Contact us for a personalised session.

Contact us for a personalised quotation
  • Day 1 – Morning: Reminder of the basics

    • Functioning of the DNS
    • Security of the DNS and associated risks
    • Cryptography
    • Contributions of DNSSEC

    Day 1 – Afternoon: Presentation of DNSSEC

    • Keys and DNSKEY records
    • Signing of records
    • Secure delegation
    • Proof of non-existence: NSEC and NSEC3 records

    Day 2 – Morning: DNSSEC in practice

    • Protocol details
      • DO bit and transport (EDNS)
      • Problems associated with firewalls
    • Creation of a zone signed manually
      • Validation using Unbound
      • Verifying with DIG and DELV
      • Identifying the causes of a problem
      • Performing tests with Zonemaster and DNSVIZ
    • Delegation of a zone
    • Renewal of keys

    Day 2 – Afternoon: Practical exercises and feedback

    • Creation of a signed zone with OpenDNSSEC
    • DNSSEC feedback
      • In the root zone
      • For Top-Level Domains
      • Ordinary zones signed
      • Storage of keys and HSMs
      • Frequently encountered operational problems

Upcoming training sessions

June 6 & 7, 2024

If anyone participating in the training course has a disability, please contact us on +33 (0)1 39 30 83 59 so we can make suitable arrangements.

Contact us

Last updated on 29th November 2023